Architecting a Reliable and Scalable VoIP Trunking Solution




An Overview of RESIP Core and Edge Design Guidelines

White Paper
Issued by: Siemens Communications and Juniper Networks, Inc.
Edition: 2.2 February 2005

Executive Summary

Time-division multiplexing (TDM)-based circuit-switched networks have been the benchmark for reliability and quality for decades. Although the high standards set by the traditional phone network are the product of many decades of development, users expect their new voice over IP (VoIP) services to match the quality and reliability of their traditional phone lines. The best-effort nature of today's IP networks makes this a significant challenge for service providers.

Tested and verified engineering excellence

The RESIP design for VoIP Trunking offers more efficient deployments and greater reliability than TDM.

Siemens and Juniper Networks, Inc. have established the RESilient IP (RESIP) Proof-of-Concept (POC) Lab to validate, optimize and certify IP solutions that service providers can use to migrate legacy services to IP without compromising quality. The RESIP Certified VoIP Trunking solution outlined in this document is the first major solution completed in the RESIP POC Lab. The resulting benefit to service providers is a fully tested and complete network architecture that allows multiple solutions to be deployed over a single network.

Siemens and Juniper Networks have developed extensive design guidelines and engineering rules to create a VoIP Trunking solution that provides quicker, more efficient deployments and higher availability than the legacy TDM infrastructure. Tests performed in the RESIP POC Lab reveal that:

- The SURPASS Media Gateways and Juniper Networks routers used in the design can successfully handle overloaded links without noticeable impact on voice service quality.
- The design's Quality of Service (QoS) implementation enables high-priority voice traffic to cross the network even if bursts of best-effort data traffic overload some links.
- Operators can deploy security mechanisms across the network without affecting performance, enabling them to maintain high availability and quality during Denial of Service (DoS) attacks.
- Scalable network topologies and features such as configurable hello timers and Bidirectional Forwarding Detection protocol (BFD) enable the VoIP Trunking solution to quickly and cost-effectively detect and recover from link failures. These technologies create a more resilient and highly available service by preventing network outages from interrupting calls on affected links.

Benefit from our experience

Operators can base their VoIP Trunking solution on either interior gateway protocol (IGP) or Multiprotocol Label Switching (MPLS) engineering techniques. Both approaches meet the requirements for fast link failure detection and recovery, smooth software/hardware upgrades, and provide effective security. Service providers can tailor the RESIP Certified Solutions and engineering work to their specific network environment. Siemens offers professional network audit, design, planning, and implementation services to help carriers customize their VoIP Trunking solution.

TABLE OF CONTENTS

1 Introduction
2 Meeting Operator Expectations for VoIP Trunking
3 Setting the Standard for VoIP QoS
  3.1 Classifying and Mapping Traffic
  3.2 Setting QoS Parameters for VoIP Trunking
  3.3 Analyzing RESIP Lab Results
4 Securing Voice Services
  4.1 Implementing Ubiquitous Packet Filtering and Traffic Policing
  4.2 Protecting Against DoS Attacks
  4.3 Protecting Routing Protocols
  4.4 Securing Inband Management Traffic
  4.5 Assessing RESIP Lab Results
5 Implementing Scalable Network Topologies
  5.1 Designing the Access Network
  5.2 Creating the IP Backbone
6 Designing a Pure IGP Backbone
  6.1 Setting IGP Metrics
  6.2 Minimizing Failover Time
  6.3 Sizing Links
  6.4 Taking a Router Out of Service
  6.5 Analyzing RESIP Lab Results
7 Adding MPLS to the Backbone Design
  7.1 Understanding Critical LSP Features
  7.2 Designing the LSP Topology
  7.3 Maintaining Performance in Case of a Failure
  7.4 Understanding RESIP Lab Results
  7.5 Comparing Pure IGP and MPLS
8 Conclusion
9 About Siemens and Juniper Networks
10 Abbreviations

1 Introduction

Several factors are driving the transition to IP networks. Incumbent voice providers must cut the cost of maintaining and upgrading their legacy voice infrastructure. At the same time, competing voice technologies and service providers are pushing traditional providers to deploy new services to defend their existing customer base. But video-telephony integration, messaging services, and other next generation applications are based on IP and can't be efficiently deployed over legacy infrastructures.

A number of technical features make VoIP a compelling alternative. First, to scale a TDM network, operators must introduce one or more additional layers of trunk exchanges into the network hierarchy. In contrast, the VoIP network appears totally flat between the source and destination gateways to the soft-switch or call control device. This flat topology makes a VoIP network more cost-efficient to operate and provides greater flexibility to support traffic engineering. Second, operators can design IP-based solutions to deal with unexpected network behavior in a more user-friendly way than TDM-based networks. Finally, given an appropriate QoS scheme, VoIP can easily share IP network facilities with multiple high- and low-priority services without compromising voice quality.

SURPASS hie IP Trunking provides a complete range of carrier-grade, customized VoIP network solutions complemented by converged voice/data applications for building next-generation networks.

Siemens and Juniper Networks have demonstrated their combined voice expertise in their joint RESIP POC Lab.

Siemens and Juniper Networks have leveraged their voice and IP networking expertise to create a RESIP Certified VoIP Trunking solution that combines the Siemens SURPASS hie IP Trunking solution with Juniper Networks J-Voice features to implement high-quality VoIP services. (See Figure 1.)

The Siemens SURPASS hie IP Trunking solution introduces a VoIP transport plane that interconnects local circuit-oriented networks to VoIP networks from other domains using virtual trunks established across an IP backbone network. The Trunk Gateway converts circuit-oriented voice streams into packet data streams, which are then routed across an IP-based packet network. When the Trunk Gateway at the other end of the network receives the packet data streams, it converts them back into circuit-oriented voice streams.

The Juniper Networks J-Voice solution complements this approach by defining a set of key network features that operators can use to design an IP backbone capable of transporting high-quality VoIP services.

The combination of Siemens SURPASS hiq8000 and SURPASS hie9200 soft-switches, Siemens SURPASS hig1200 Media Gateways, and Juniper Networks M- and T-series routing platforms used in this VoIP Trunking solution has been certified in the RESIP POC Lab. During this testing process, the RESIP team developed detailed design guidelines based on equipment and technologies that are already generally available to the market.

[Figure 1: The elements in the RESIP Certified VoIP Trunking Solution. Diagram labels: SURPASS hie, SURPASS hiq, SURPASS hig, Juniper M-/T-Series Router, IP / MPLS core, TDM network, Edge, Aggregation, Access.]

2 Meeting Operator Expectations for VoIP Trunking

Given that the primary objective of any soft-switch solution is to increase profitability, the solution must offer a cost advantage over legacy TDM technology. But what about functionality? The RESIP Certified VoIP Trunking design meets the following requirements:

Complete coverage and transparency for all public switched telephone network (PSTN) and ISDN services and features.

1) Service Transparency. To smoothly migrate users to the new platform, all services must be transparent between the TDM voice infrastructure and the IP-based solution. As the previous section described, the SURPASS hie IP Trunking solution uses virtual trunks to transparently deliver TDM voice services across an IP backbone network.

2) Service Quality. The introduction of mobile services and best-effort low-cost VoIP has broken the trend towards ever-improved voice quality. Although this has encouraged some to think that subscribers now demand less of their wireline voice service, end users are still frustrated when voice calls break up regardless of technology. To ensure that VoIP services match the quality of legacy TDM voice, the QoS subsystem must be able to account for propagation delay, jitter, and packet loss. As Section 3 details, Siemens and Juniper Networks have developed a QoS subsystem that can identify various traffic types and manage each according to its specific requirements across multiple links and network elements.

3) Service Security. The TDM infrastructure does a good job of ensuring the integrity of individual calls. As a result, subscribers invariably trust their wireline service. Service providers must maintain this same level of trust after migrating to VoIP. While all networks are potential targets, the advent of DoS attacks on the Internet in the late 1990s made networks complicit in enabling and even multiplying cyber-attacks. The result was a significant increase in the number and complexity of security attacks. As Section 4 describes, Siemens and Juniper Networks have crafted converged security solutions that use access control, stateful firewall capability, and other techniques to protect the network and assure the customers' service experience.

Best-in-class performance, scalability and reliability proven in major carrier networks worldwide

4) Service Scalability. Scaling network deployments to support millions of subscribers requires ongoing incremental investments. But successful service delivery should lead to increased revenue, not network problems and unexpected capital outlays. Together, Siemens and Juniper Networks have built many of the world's largest networks. As Section 5 explains, that experience shapes the design of our RESIP Certified VoIP Trunking Solution.

5) Service Availability. To meet their customers' service expectations, service providers should expect no less than TDM-level availability from their VoIP infrastructure. The network design should provide one-second network fault recovery to ensure service continuity and eliminate dropped calls. As Sections 6 and 7 explain, Siemens and Juniper Networks VoIP products incorporate multiple features and safeguards that allow service providers to keep network faults and service interruptions transparent to subscribers.

3 Setting the Standard for VoIP QoS

Data and voice applications have completely different service requirements for jitter, delay, and packet loss. Converged voice and data network environments must be able to meet the individual requirements of each application. To do this, we highly recommend that operators size the links and packet forwarding power of their network nodes to support all high-priority traffic, including VoIP, signaling, and routing traffic.

Wire-speed forwarding simplifies resource planning

Juniper Networks has designed its M- and T-series routers to forward all traffic on all ports at wire speed, even with services like packet filtering and policing enabled. This greatly simplifies resource planning and network maintenance, while efficiently utilizing raw capacity.

Wire-speed forwarding alone does not ensure service quality. Unexpected bursts of data traffic can still congest network links. Link and node failures can also cause network congestion when traffic is rerouted over backup links. A proper QoS design ensures that the voice and signaling traffic can pass through the network at the expense of the best-effort traffic.

M- and T-series routers include a rich set of features to support differentiated service classes for IPv4, IPv6, and MPLS traffic. The routers implement these QoS capabilities by applying a set of primitives in a general way to different protocol families. The routers can then use traffic policing, drop priorities, queuing, and scheduling mechanisms to achieve the appropriate QoS.

Setting the priorities

3.1 Classifying and Mapping Traffic

The RESIP design defines a QoS scheme that is simple to understand and easy to maintain when adding new services and traffic to the network. The verified RESIP backbone design differentiates between three types of traffic: voice bearer traffic, signaling traffic, and best-effort data traffic. The design uses the type of service (ToS) field to classify traffic and a trusted device to mark voice traffic. In this well-known and scalable approach, traffic can be either:

- Marked by a Media Gateway at the IP network ingress, such as the SURPASS hig1200.
- Determined by physical ports and marked by switches in the access network.
- Marked by the edge routers.

Forwarding classes

3.2 Setting QoS Parameters for VoIP Trunking

The RESIP Certified VoIP Trunking design maps each traffic class into its own forwarding class with a separate scheduling mechanism. Operators can set the following parameters for each forwarding class:

- Buffer size: Specifies the maximum queue length.
- Transmit rate: Specifies the bandwidth allocation for the forwarding class; for example, its percentage of the outgoing link speed.
- Priority class: Specifies the scheduling priority assigned to the forwarding class; for example, whether the forwarding class has a strict high, high, or low priority.
- Drop profile(s): Specifies the conditions under which the packets in the forwarding class are dropped.

Operators can set these parameters in different ways to achieve predictable network behavior in partly congested or fully congested situations. The network schedules transmissions on its outgoing port according to a deficit weighted round-robin (WRR).

[Figure 2: The QoS Scheme for the RESIP Certified VoIP Trunking Solution]

The RESIP Certified VoIP Trunking Solution treats each traffic class according to its respective requirements:

- Voice Traffic: The solution places voice bearer traffic into a high-priority forwarding class with a high transmit rate. The smooth voice bearer traffic pattern eliminates the need for a large buffer. The network treats voice traffic as User Datagram Protocol (UDP) traffic. Voice traffic does not require a random early detection (RED) drop profile, because network congestion does not affect the transmission rate from the media gateway.
- Signaling Traffic: The solution maps signaling traffic to a separate high-priority forwarding class. Because signaling traffic only consumes a small amount of bandwidth, operators can support it using a low transmit rate and small buffers. Operators use a flat drop profile for signaling traffic to accommodate the retransmission procedures included in the signaling protocols.
- Data Traffic: Finally, the solution assigns best-effort data traffic to a low-priority forwarding class. By definition, there are no bandwidth guarantees for best-effort data. Consequently, operators can set the associated transmit rate to a minimum threshold. Because bursty best-effort data traffic may include a mix of UDP and Transmission Control Protocol (TCP) sessions, we recommend that operators configure a large buffer and a moderate to steep drop profile for this forwarding class.

Packet Loss Concealment

If a packet gets lost on the way to the egress media gateway, the SURPASS hig 1200 uses a sophisticated packet loss concealment mechanism to minimize the disturbance to the user.

3.3 Analyzing RESIP Lab Results

These principles formed the basis for the parameter settings tested in the RESIP POC Lab. Extensive testing demonstrated that:

- If the sum of voice and best-effort data traffic exceeds the link capacity, the solution discards only the best-effort data traffic, resulting in no degradation of voice quality.
- The solution continues to meet packet loss, delay, and jitter requirements when the voice traffic consumes up to 90% of the capacity of certain links.
- The packet loss concealment feature on the SURPASS hig 1200 Media Gateway maintains high voice quality even if a significant amount of packet loss occurs within the network.
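The first lab result above (only best-effort data is discarded when a link is overloaded) can be reproduced with a small model of the Section 3.2 forwarding classes, set beside a single shared queue. This is an added example, not code from the white paper or from Siemens or Juniper Networks. The link capacity, packet sizes, buffer sizes and transmit rates are constructed values, and the scheduler is a simplified strict-high plus deficit weighted round-robin model, not the routers' implementation.

```python
"""Simplified model of the Section 3.2 forwarding classes (added example).

All numbers are constructed. One tick is one scheduling interval of the link.
"""
from collections import deque

LINK_BYTES_PER_TICK = 10_000   # constructed link capacity per tick
QUANTUM_PER_PERCENT = 100      # DWRR quantum: bytes per 1% of transmit rate

# Constructed offered load per tick: (traffic type, packet bytes, packets).
# 12,000 B data + 4,000 B voice + 200 B signaling = 162% of the link.
OFFERED = [("data", 1500, 8), ("voice", 200, 20), ("signaling", 100, 2)]


class ForwardingClass:
    def __init__(self, name, strict_high, transmit_pct, buffer_bytes):
        self.name = name
        self.strict_high = strict_high          # served before all other classes
        self.quantum = transmit_pct * QUANTUM_PER_PERCENT
        self.buffer_bytes = buffer_bytes        # maximum queue length
        self.queue = deque()                    # entries: (traffic type, size)
        self.queued = 0
        self.deficit = 0

    def enqueue(self, kind, size):
        if self.queued + size > self.buffer_bytes:
            return False                        # tail drop: buffer is full
        self.queue.append((kind, size))
        self.queued += size
        return True

    def head(self):
        return self.queue[0][1]

    def dequeue(self):
        kind, size = self.queue.popleft()
        self.queued -= size
        return kind, size


def serve_tick(classes, sent):
    """Transmit up to one tick of link capacity (unused capacity is not carried over)."""
    budget = LINK_BYTES_PER_TICK
    for fc in (c for c in classes if c.strict_high):
        while fc.queue and fc.head() <= budget:
            kind, size = fc.dequeue()
            budget -= size
            sent[kind] += 1
    others = [c for c in classes if not c.strict_high]
    # Deficit weighted round-robin over the remaining classes.
    while any(fc.queue and fc.head() <= budget for fc in others):
        for fc in others:
            if fc.queue:
                fc.deficit += fc.quantum
            while fc.queue and fc.head() <= min(fc.deficit, budget):
                kind, size = fc.dequeue()
                fc.deficit -= size
                budget -= size
                sent[kind] += 1
            if not fc.queue:
                fc.deficit = 0                  # an empty queue keeps no credit


def simulate(classes, class_of, ticks=50):
    """Return (sent, dropped) packet counts per traffic type."""
    sent = {kind: 0 for kind, _, _ in OFFERED}
    dropped = dict.fromkeys(sent, 0)
    by_name = {fc.name: fc for fc in classes}
    for _tick in range(ticks):
        for kind, size, count in OFFERED:       # data burst arrives first
            for _pkt in range(count):
                if not by_name[class_of[kind]].enqueue(kind, size):
                    dropped[kind] += 1
        serve_tick(classes, sent)
    return sent, dropped


def run_with_qos():
    """Three forwarding classes as in Section 3.2 (constructed parameters)."""
    classes = [
        ForwardingClass("voice", True, 50, 8_000),          # small buffer
        ForwardingClass("signaling", False, 5, 2_000),      # low rate, small buffer
        ForwardingClass("best-effort", False, 45, 60_000),  # large buffer
    ]
    mapping = {"voice": "voice", "signaling": "signaling", "data": "best-effort"}
    return simulate(classes, mapping)


def run_single_fifo():
    """Same load through one shared tail-drop queue, for comparison."""
    classes = [ForwardingClass("fifo", True, 100, 70_000)]
    return simulate(classes, dict.fromkeys(["voice", "signaling", "data"], "fifo"))


if __name__ == "__main__":
    print("with QoS   :", run_with_qos())
    print("single FIFO:", run_single_fifo())
```

With separate classes every voice and signaling packet is sent and only data is dropped; in the shared queue the data burst fills the buffer and voice packets are tail-dropped.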

4 Securing Voice Services

Securing the infrastructure is critical to providing highly available services. Juniper's traffic policing does not impact forwarding performance and can be used across the complete network.

The fact that legacy IP networks built to support Internet-based e-mail, web, and FTP services are vulnerable to attacks has created a false impression that the technology itself is insecure. However, carrier-grade routers and proper network design can effectively address these network vulnerabilities using packet filtering, traffic policing, and encryption.

4.1 Implementing Ubiquitous Packet Filtering and Traffic Policing

The M- and T-series routers from Juniper Networks are designed to filter, police and count traffic for further analysis while forwarding all services at wire speed, regardless of the router's position in the network. This useful design allows the service providers to protect every node in the network without compromising performance. It also provides ubiquitous protection across the geographical reach of the network and its services. Operators can protect the router's control plane by applying filters to restrict local packets traversing from a physical port to the routing engine.

4.2 Protecting Against DoS Attacks

Many DoS attacks target a victim host with a distributed flood of traffic. Operators can restrict these attacks by policing traffic in the core routers. To do this, operators can set policing for Internet Control Message Protocol (ICMP) traffic to a level that allows the router to accept ICMP traffic, but diminishes smurf attacks.

In addition, Juniper Networks routers implement unicast reverse-path forwarding (uRPF) to help determine the source of attacks and reject packets from unexpected sources. This feature only accepts traffic from senders that originate from a network that is listed in the routing table. In edge deployments, operators can also configure this feature to operate in a strict mode, in which routers only accept traffic from the ports that have learned about the sources. Operators use uRPF to efficiently protect the trunk gateways and soft-switches from traffic that does not derive from the VoIP Trunking network and management stations.

4.3 Protecting Routing Protocols

As powerful network devices capable of controlling where to direct network traffic, routers are the targets of many attacks. Attackers often try to change the configuration and settings of the router state information by sending the router incorrect routing protocol packets. To guard against these attacks, routers must use encrypted authentication schemes to form trusted protocol relationships with their peering routers. One common authentication scheme is Message Digest 5 (MD5), which operators use to protect the Border Gateway Protocol (BGP), Intermediate System-to-Intermediate System (IS-IS), Open Shortest Path First (OSPF), and Virtual Router Redundancy Protocol (VRRP).

4.4 Securing Inband Management Traffic

If the service provider does not build a separate network to manage its routers, the design must use one set of links to carry inband management, voice bearer, voice signaling, and data traffic. Operators can use SSH and secure copy protocol to provide secure communications over these links. We recommend that operators activate these encrypted services and use them in conjunction with filter policies to protect management communications against SYN flood DoS attacks.

4.5 Assessing RESIP Lab Results

The RESIP POC Lab has verified that the uRPF features work without impacting the forwarding performance of the M- and T-series routers. The overall solution provides a high level of security by applying common security policies across the entire network and only allowing traffic to pass onto the VoIP Trunking elements at specific interfaces.
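The two Section 4.2 defences, the uRPF source check in its default and strict modes and ICMP policing, can be sketched as one packet-admission function. This is an added example, not code from the white paper or from Junos. The routing table (RFC 5737 documentation prefixes), interface names, policer rate and traffic are constructed, and the token bucket is an assumed mechanism for the policing the section describes.

```python
"""uRPF source check plus ICMP policing over constructed traffic (added example)."""
import ipaddress
from collections import Counter

# Constructed routing table: (prefix, interface the route points to).
ROUTES = [(ipaddress.ip_network(prefix), ifname) for prefix, ifname in [
    ("192.0.2.0/24", "ge-0/0/0"),        # trunk gateways
    ("198.51.100.0/24", "ge-0/0/1"),     # soft-switches, management stations
    ("198.51.100.128/25", "ge-0/0/2"),   # more specific route on another port
]]


def best_route(src):
    """Longest-prefix match for the packet's source address, or None."""
    addr = ipaddress.ip_address(src)
    matches = [(net, ifname) for net, ifname in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


def urpf_pass(src, in_if, strict):
    """Default mode: the source must be in the routing table.
    Strict mode: it must also arrive on the port that route points to."""
    route = best_route(src)
    if route is None:
        return False
    return route[1] == in_if if strict else True


class Policer:
    """Token bucket in integer bytes and milliseconds (assumed mechanism)."""

    def __init__(self, rate_bytes_per_ms, burst_bytes):
        self.rate = rate_bytes_per_ms
        self.burst = burst_bytes
        self.tokens = burst_bytes
        self.last_ms = 0

    def conforms(self, now_ms, size):
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def admit(pkt, policer, strict):
    """pkt = (time_ms, src, in_if, proto, size); returns the verdict."""
    now_ms, src, in_if, proto, size = pkt
    if not urpf_pass(src, in_if, strict):
        return "drop-urpf"
    if proto == "icmp" and not policer.conforms(now_ms, size):
        return "drop-policer"       # only ICMP is rate limited
    return "forward"


def sample_traffic():
    """One second of constructed traffic arriving on ge-0/0/0."""
    port = "ge-0/0/0"
    pkts = [(t, "192.0.2.10", port, "icmp", 100) for t in range(1000)]              # ICMP flood
    pkts += [(t, "192.0.2.20", port, "udp", 200) for t in range(0, 1000, 20)]       # voice bearer
    pkts += [(t, "203.0.113.7", port, "icmp", 100) for t in range(0, 1000, 100)]    # no route to source
    pkts += [(t, "198.51.100.5", port, "udp", 200) for t in range(0, 1000, 100)]    # routed via another port
    return sorted(pkts)


def run(strict):
    """Count verdicts per (protocol, verdict) for the sample traffic."""
    policer = Policer(rate_bytes_per_ms=10, burst_bytes=1500)
    counts = Counter()
    for pkt in sample_traffic():
        counts[(pkt[3], admit(pkt, policer, strict))] += 1
    return counts


if __name__ == "__main__":
    for mode in (False, True):
        print("strict" if mode else "default", dict(run(mode)))
```

The flood is cut to the policer's budget (the 1500-byte burst plus 10 bytes per millisecond) while all voice packets from the trunk gateway prefix are forwarded; strict mode additionally rejects the packets whose source is routed through a different port.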

5 Implementing Scalable Network Topologies

Providing profitable, high-quality VoIP services requires a cost-effective network topology that can scale to deliver services to millions of subscribers. Together, Siemens and Juniper Networks have built many of the world's largest networks. As this section describes, that experience has shaped the design of the access network as well as the core and edge router topologies used in the RESIP Certified VoIP Trunking solution.

5.1 Designing the Access Network

In the SURPASS hie IP Trunking model, operators connect all SURPASS Media Gateways, such as SURPASS hig 1200 devices, through a pair of switches to the edge router sites (see Figure 3). Operators provision the edge routers to support virtual routers using VRRP. The virtual router is the network edge device. Operators configure the SURPASS hig 1200 Media Gateway device to use that router as its default gateway.

[Figure 3: SURPASS Media Gateway Connection to Edge Router Sites]

The design uses VRRP to detect edge router failures and provide a mechanism to easily switch to a backup router. Using VRRP provides a more highly available default path without requiring every end-host to implement dynamic routing configuration or router discovery protocols. Operators can use the VRRP implementation to:

- Minimize the duration of outages.
- Minimize the steady state bandwidth overhead and processing complexity.
- Function over a wide variety of multi-access LAN technologies capable of supporting IP traffic.
- Automate the selection of multiple virtual routers on a network for load balancing.
- Support multiple logical IP subnets on a single LAN segment.

The enhanced VRRP hello-timers with sub-second failover are guaranteed in the access network. When the network is properly configured, Layer 3 failures cause outages that last less than 1 second.

5.2 Creating the IP Backbone

The introduction of purpose-built hardware and modular software has brought routers to a higher standard of availability. Today's technology allows operators to upgrade pieces of the software without rebooting the entire software code, hot swap line cards, and gracefully restart protocols. Still, each site should contain two routers to reduce maintenance costs and protect against catastrophic events, such as building power failures and natural disasters. Whether or not operators colocate these two routers depends on the availability of facilities at the site.

Since a fully meshed core network with hundreds of nodes would require a significant number of interfaces and be very costly, we recommend that operators use a two-stage design that incorporates separate IP edge and core networks. This paper identifies a suitable interconnection topology for the IP edge and IP core that operators can use to implement very large networks that support up to 50 million subscribers over up to 8 million voice trunks. We have also studied both a small network that supports 50,000 voice trunks and a medium network that supports 500,000 voice trunks to develop guidelines for migrating economically to a large VoIP network.

When designing the network, network engineers must not allow any single failure to separate two access areas from each other. In other words, the network design must provide at least two physically diverse paths between any two access areas. Operators can achieve this by implementing a network topology that consists of two parallel planes that are interconnected locally within the edge and core router sites. Figure 4 illustrates this basic interconnection concept. In the diagram, the two parallel planes are labeled A Plane and B Plane.

[Figure 4: Connection of the Edge Router Sites to the Core Network (basic topology)]

The traffic from each access site includes a mix of voice bearer, voice signaling, and best-effort data traffic. The core and edge networks are engineered to support a mix of services, up to 50% of which is voice traffic.

6 Designing a Pure IGP Backbone Routed IP approach IS-IS and OSPF provide the same type of functionality. BFD increases reliability The RESIP Certified VoIP Trunking design allows operators to use either pure IGP routing or an MPLS solution that offers additional traffic engineering capabilities. This section describes the IGP approach. Operators use IGP to provide loop-free routing information within an autonomous system (AS). An AS is a network that operates under a common network administration. These AS run link state protocols such as OSPF and IS-IS that provide similar functionality and share many common features, including link state algorithms, support for classless route prefixes, and a two-level hierarchical area topology. Juniper Network routers provide robust and scalable support for both IS-IS and OSPF technologies. The two IGP versions use different implementations to support IPv6 and they run on different protocols. IS-IS uses International Organization for Standardization (ISO) addresses, which make it more difficult to spoof than OSPF. Operators can also use IS-IS to configure the hello timers down to 0.333 seconds to enable the network to rapidly recover from failures. Alternatively, both IS-IS and OSPF can utilize BFD to detect failures, including Layer 3 failures, within tens of milliseconds. BFD provides superior reliability by reducing the failure detection time to correspond with the time typically required to detect physical layer failures, such as fiber cuts. 6.1 Setting IGP Metrics IGP uses the link metric settings to identify the shortest paths through the network. Operators can change the default link metrics to influence the shortest path calculations to distribute the traffic more evenly--minimizing the probability of an overload situation. But in a pure IGP scenario, no distinction between different kinds of traffic is made: high and low priority traffic is always forwarded along the same shortest paths to reach a common destination. 
Margin note: The design guarantees failover times of less than one second even for large networks.

6.2 Minimizing Failover Time

In general terms, the detection time, shortest path first (SPF) delay, and rerouting time determine the length of a given network outage. The RESIP VoIP Trunking solution minimizes outage times in three ways.

First, the solution allows operators to speed failure detection by configuring sub-second IS-IS hello messages. This reduces the time it takes to detect Layer 3 failures to between 0.666 seconds and 1 second. Implementing BFD can reduce Layer 3 failure detection times still further to times similar to those achieved for physical failures, which are much easier to detect. The solution supports BFD for both IS-IS and OSPF environments.

Second, operators can set the SPF delay according to the maximum geographical distance within the network. Operators use the SPF delay timer to prevent a router from recalculating its routes before it receives all link-state protocol data units from all routers after a topology change or network failure occurs. Even in a worldwide network, these distances should be far below 40,000 km. Consequently, an SPF delay timer of 200 milliseconds is sufficient. Note that the number of router hops is not a consideration, because the forwarding delay is measured in microseconds.

Finally, Juniper Networks routers implement a high-performance state-of-the-art routing engine that achieves very small rerouting times. Large networks that contain several hundred routers can complete the rerouting process in less than 600 to 700 milliseconds.

6.3 Sizing Links

As described in Section 2, operators should size their links to transport at least the high-priority voice bearer and signaling traffic. This needs to be true even in case of a single failure. Depending on the network size, it may not make sense to set the link dimensions to support every theoretically conceivable traffic matrix, as this could lead to a huge amount of unused bandwidth and significant capital expense. Instead, operators should identify a worst-case (but realistic) traffic matrix, which they can use as the basis for sizing the intra-core links.

6.4 Taking a Router Out of Service

Both OSPF and IS-IS enable operators to simplify maintenance by configuring the overload bit. When the overload bit is set, the router will signal to its neighboring routers, and the transit traffic will be rerouted to other links without incurring packet loss.

6.5 Analyzing RESIP Lab Results

Tests in the RESIP POC Lab confirm that the VoIP Trunking solution provides the following failover times for physical and logical failures:

Physical Failures
The failover time for physical Layer 1 and Layer 2 failures stays well below 300 milliseconds, which is barely recognizable for subscribers using a voice service.

Logical Failures
When operators use typical IGP timer settings, Layer 3 failures can cause outage times that exceed 6 to 10 seconds. This might be acceptable for best-effort data but is detrimental for real-time applications such as voice. Operators can use enhanced sub-second IS-IS hellos to reduce the failover time to approximately 1 second. This short interruption is barely noticeable to subscribers, who will not assume a failure has occurred. Using BFD reduces the failover time still further to less than 300 milliseconds in most cases. It is doubtful most subscribers will even notice this short interruption.

QoS and Reliability
If a physical or logical failure results in a link overload on a newly chosen route, the RESIP engineering rules ensure that there is enough available bandwidth to transport the high-priority traffic.
The rules also ensure that high-priority traffic receives preferential access to that bandwidth over low-priority services.

Live network scenarios are available in the RESIP POC Lab to demonstrate the effect on voice quality of outages lasting several hundred milliseconds, 1 second, and 6 to 10 seconds. Generally, if subscribers notice a 1-second outage, they continue to talk and do not hang up. Subscribers are not typically even aware of outages lasting less than 300 milliseconds.

Tests show that setting and releasing the overload bit does not result in any outages.
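
The single-failure sizing rule from Sections 6.1 and 6.3, as an added example that is not part of the original whitepaper: the Python code below routes an assumed worst-case voice traffic matrix over IGP shortest paths, fails each link in turn, and reports links whose load exceeds capacity. The topology, metrics, capacities and demands are constructed; each demand is placed on one shortest path (no equal-cost load sharing) and only link failures are considered.

```python
import heapq
from collections import defaultdict

# Constructed sample data (not from the whitepaper).
# Undirected core links: (node_a, node_b, igp_metric, capacity_mbps)
LINKS = [("A", "B", 10, 400), ("B", "C", 10, 400), ("A", "D", 10, 400),
         ("D", "C", 12, 250), ("B", "D", 15, 400)]
# Assumed worst-case high-priority (voice bearer + signaling) demands in Mbit/s
VOICE_DEMANDS = {("A", "C"): 200, ("D", "C"): 150, ("A", "B"): 100}


def shortest_path(links, src, dst):
    """Dijkstra over IGP metrics. Returns a node list, or None if unreachable."""
    adj = defaultdict(list)
    for a, b, metric, _cap in links:
        adj[a].append((b, metric))
        adj[b].append((a, metric))
    best = {src: 0}
    heap = [(0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return path
        if cost > best[node]:
            continue  # stale heap entry, a cheaper route was already found
        for nxt, metric in adj[node]:
            if cost + metric < best.get(nxt, float("inf")):
                best[nxt] = cost + metric
                heapq.heappush(heap, (cost + metric, nxt, path + [nxt]))
    return None


def link_loads(links, demands):
    """Place every demand on its shortest path; return (loads, unroutable)."""
    loads, unroutable = defaultdict(int), []
    for (src, dst), mbps in demands.items():
        path = shortest_path(links, src, dst)
        if path is None:
            unroutable.append((src, dst))  # the failure partitioned the network
            continue
        for hop in zip(path, path[1:]):
            loads[frozenset(hop)] += mbps
    return loads, unroutable


def single_failure_report(links, demands):
    """Check the no-failure case and every single-link failure for overloads."""
    capacity = {frozenset(l[:2]): l[3] for l in links}
    report = {}
    for failed in [None] + list(capacity):
        surviving = [l for l in links if frozenset(l[:2]) != failed]
        loads, unroutable = link_loads(surviving, demands)
        overloaded = {tuple(sorted(k)): (load, capacity[k])
                      for k, load in loads.items() if load > capacity[k]}
        name = "none" if failed is None else "-".join(sorted(failed))
        report[name] = {"overloaded": overloaded, "unroutable": unroutable}
    return report


if __name__ == "__main__":
    for name, result in single_failure_report(LINKS, VOICE_DEMANDS).items():
        print(f"failed link {name}: {result}")
```

With the constructed data, losing A-B or B-C pushes 350 Mbit/s of voice traffic onto the 250 Mbit/s C-D link, so that link is undersized for the single-failure requirement even though the failure-free network shows no overload.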

7 Adding MPLS to the Backbone Design

Margin note: MPLS Based Design

In the pure IGP design described in Section 6, the network always routes traffic along the shortest path between the source and the destination area. The design does not provide the option to change this path. Consequently, in an IS-IS or OSPF-engineered IGP network, operators must identify the worst-case traffic matrix for voice and engineer the network to it.

The RESIP Certified VoIP Trunking Solution gives operators the option to add MPLS to the backbone network design. Operators can use MPLS to configure routers to forward high-priority voice traffic onto label switched paths (LSPs), while continuing to use IGP routes to transport best-effort data. This enables voice and data traffic with the same source and destination area to use different paths through the IP backbone, simplifying the process of engineering voice traffic around congested links.

Operators can also use MPLS service protection mechanisms to continue forwarding high-priority voice traffic independently of IGP protocol convergence when link or node failures occur. These MPLS protection mechanisms result in sub-second failover times to minimize service interruptions. The three main MPLS protection mechanisms include:

- MPLS fast reroute
- MPLS primary/secondary LSPs
- MPLS load balancing

While the first two options are well known, MPLS load balancing is a newer concept that offers two main advantages over the MPLS fast reroute and primary/secondary LSP protection mechanisms. First, MPLS load balancing uses only primary LSPs, enabling operators to access the entire MPLS feature set. In contrast, some capabilities like the auto-bandwidth feature are not available for the secondary or detour LSPs used in the other two protection mechanisms. Second, unlike the other two protection mechanisms, MPLS load balancing protects against the failure of the LSP egress router.
7.1 Understanding Critical LSP Features

Margin note: Prioritising traffic on and meeting current traffic demands on LSPs

The MPLS design implemented in the RESIP POC Lab focuses on the following three features:

Traffic Prioritization
By default, the design does not prioritize LSP traffic over IGP traffic. Routers use the MPLS experimental (EXP) field to insert the LSP traffic into the appropriate high-priority queue.

Load Balancing
Operators can equip each LSP with its own metric. When several LSPs pointing to the same destination have the same LSP metric, the MPLS network balances the traffic towards that destination across those LSPs.

Auto-Bandwidth Feature
A well-configured auto-bandwidth feature distributes traffic across the entire network to dynamically adapt to current traffic demands. If a bottleneck occurs, the routers automatically reroute some of the affected LSPs over less congested links.

7.2 Designing the LSP Topology

Margin note: Network size determines LSP strategy

As a rule, the network establishes LSPs from the edge routers towards the destinations. Scaling concerns may prevent large networks from establishing a full mesh of LSPs between all edge routers. In a full mesh topology, the total number of LSPs equals the square of the number of edge routers. This creates a huge administrative burden for service providers and requires the network to transport a large amount of Resource Reservation Protocol (RSVP) signaling overhead. Therefore, we recommend that service providers choose one of two LSP topology designs, depending on their network size:

Small/Medium Networks
Service providers with small to medium-sized networks can set up their LSPs from edge-to-edge. In this topology, the total number of LSPs is defined by the order of (number of edge routers) x (number of edge routers).

Large Networks
Service providers with large networks set up LSPs for each edge router towards the destination edge. However, instead of terminating the LSPs at the other edge routers, operators terminate the LSP at the corresponding core router one hop before the edge. In this design, operators use IGP to realize the last hop from the egress core router to the edge router. For a network with 200 edge routers and 20 core routers, using IGP to make the last hop reduces the overall number of LSPs from several tens of thousands to several thousand.

7.3 Maintaining Performance in Case of a Failure

The RESIP MPLS project was designed to have at least one LSP available from each access area towards the destination even if a single failure should occur. This design prevents even LSP egress router failures from bringing down traffic on a given link. Secondary LSPs and MPLS fast reroute protection mechanisms are not sufficient to meet this reliability requirement.

If the LSP ingress router fails, the affected access area should use a redundancy mechanism such as VRRP to guarantee access to the live edge router for forwarding. This edge router maintains LSPs that can be used to transport the traffic through the network.
7.4 Understanding RESIP Lab Results

The MPLS prioritization, auto-bandwidth feature, and failover capabilities described in this section have been tested and are available for demonstration in the RESIP POC Lab.

7.5 Comparing Pure IGP and MPLS

Margin note: Pure IGP vs. MPLS

The choice between a pure IGP and MPLS solution is not obvious. Both solutions yield a carrier-grade IP network that can support real-time services such as VoIP Trunking.

The MPLS approach is useful for handling highly asymmetric voice traffic distributions. Unlike a pure IGP approach, the MPLS solution can use constraint-based routing to force some voice traffic to choose a path other than the IGP shortest path. Combining MPLS with the auto-bandwidth feature evenly distributes high-priority traffic throughout the network, automating this aspect of network engineering.

On the other hand, a pure IGP scenario is less complex and easier to administer. Operators can use link metric optimization to perform network engineering in their pure IGP solution.

8 Conclusion

To migrate circuit-switched services to a packet-based network, operators require a solution that provides reliability and service quality equal to or better than their legacy TDM network. The RESIP Certified VoIP Trunking Solution incorporates advances in technology and network design to create a single converged network that raises VoIP services beyond the TDM standard of quality. At the same time, the solution positions providers to offer flexible new revenue-generating services.

As this paper describes, this VoIP Trunking solution meets the service transparency, quality, security, scalability, and reliability concerns of voice service providers. Based on the SURPASS hiq8000 and SURPASS hie9200 soft-switches and SURPASS hig1200 Media Gateways, the SURPASS hie IP Trunking solution ensures complete service transparency to legacy voice infrastructures. Using the SURPASS hig1200 packet loss concealment feature allows operators to maintain voice quality, even if the voice bearer traffic exceeds link capacity. The solution achieves QoS by configuring appropriate forwarding classes in the Juniper Networks M- and T-series routers.

The RESIP Certified VoIP Trunking Solution also addresses service providers' security concerns. The solution applies common security policies across the entire network to secure voice services from network-based attacks and protect against DoS attacks targeting network routers.

From a scalability and reliability standpoint, the Siemens and Juniper Networks solution gives service providers the option of implementing either an IGP or MPLS solution. Operators can use the pure IGP approach to support real-time voice services over a carrier-grade IP network that provides sub-second recovery times on link failures. Alternatively, operators can implement a slightly more complex solution that uses MPLS traffic engineering mechanisms to optimise bandwidth management and increase reliability through virtual network resources.
Margin note: Engineering rules and design guidelines are available for service providers who want to take advantage of the RESIP engineering excellence.

Siemens and Juniper Networks have validated and demonstrated both the pure IGP and the MPLS solutions in the RESIP POC Lab. The two solutions offer comparable QoS support, scalability, and reliability. This enables service providers to choose their VoIP Trunking solution based on their current IP and voice network topology, as well as their staff's current skills, knowledge base, and experience.

Finally, service providers can take advantage of professional network audit, design, planning, and implementation services from Siemens to tailor the RESIP engineering work to meet their specific background and needs.

Learn more!
For more information about SURPASS Carrier-Grade IP Solutions and the RESIP POC Lab, visit http://www.siemens.com/ip-networks. For more information about Juniper Networks routers, visit http://www.juniper.net.

9 About Siemens and Juniper Networks

Siemens Communications is:

- A Juniper Networks Authorized Education Center to enable operators' engineers,
- An official Partner in the Juniper Networks Content and Applications Alliance to develop revenue generating solutions for operators, and
- The first Juniper partner to have achieved the status of Juniper Networks Authorized Global Support Provider, which offers the full range of support services from installation to optimization worldwide.

The solution-based expertise and experience Siemens has gained in worldwide installations of voice and packet networks has resulted in a range of unrivalled offerings. Siemens is a strong and reliable partner that offers a stable relationship for conducting successful business in the highly competitive carrier market. Our experience and know-how can also be demonstrated with regard to our customer base, strategic partners and in the availability of more than one hundred certified IP experts worldwide. This global presence and a strong service organization support carriers 24 hours a day, 7 days a week.

Siemens works together with preferred partner companies, all at the leading edge in their segment, including Juniper Networks, with its leading IP product portfolio for BRAS solutions, edge and core networks and security technologies. Juniper Networks has been helping its customers build the largest, most reliable, and most profitable IP networks in the world for nearly ten years. This blend of world-class offerings and partnerships and our global presence and expertise offer the best possible guarantee that Siemens Next Generation Network solutions are truly carrier-grade.

Siemens and Juniper Networks have collaborated to develop an end-to-end IP architecture for next generation networks that supports voice, video and data solutions. This architecture enables service providers to offer an assured experience based on customer and application requirements.
RESIP Certified Solutions that have already undergone stringent testing are available to service providers for immediate deployment. Siemens and Juniper Networks are working together to solve the toughest challenges service providers are currently facing. RESIP is designed to help service providers through these tough times of decreasing voice revenue and declining customer base. It includes a well-defined program to develop, test and certify all technology for the next-generation architecture and solutions. The resulting benefit to service providers is a fully tested and complete network architecture that allows multiple certified solutions to be deployed for new revenue opportunities.

Siemens Communications is one of the largest players in the global telecommunications industry. Siemens is the only provider in the market that offers its customers a full-range portfolio, from devices for end users to complex network infrastructures for enterprises and carriers as well as related services. Siemens Communications is the world's innovation leader in convergent technologies, products and services for wireless, fixed and enterprise networks.

Juniper Networks is the leader in enabling secure and assured communications over a single IP network. The company's purpose-built, high performance IP platforms enable customers to support many different services and applications at scale. Service providers, enterprises, governments and research and education institutions worldwide rely on Juniper Networks to deliver products for building networks that are tailored to the specific needs of their users, services and applications. Juniper Networks' portfolio of proven networking and security solutions supports the complex scale, security and performance requirements of the world's most demanding networks.

10 Abbreviations

AS       Autonomous System
BFD      Bidirectional Forwarding Detection protocol
BGP      Border Gateway Protocol
CAPEX    CAPital EXpenditures
DoS      Denial of Service
DSCP     DiffServ Code Point
EXP      Experimental
ICMP     Internet Control Message Protocol
IGP      Interior Gateway Protocol
ISDN     Integrated Services Digital Network
IS-IS    Intermediate System-to-Intermediate System
ISO      International Organization for Standardization
LAN      Local Area Network
LSP      Label Switched Path
MD5      Message Digest 5 (RFC 1321)
MPLS     Multiprotocol Label Switching
MPLS-TE  MPLS Traffic Engineering
NGN      Next Generation Networks
OPEX     OPerational EXpenditures
OSPF     Open Shortest Path First
PBX      Private Branch Exchange
POC      Proof-of-Concept
PSTN     Public Switched Telephone Network
QoS      Quality of Service
RED      Random Early Detection
RESIP    RESilient IP
RSVP     Resource Reservation Protocol
SPF      Shortest Path First
TCP      Transmission Control Protocol
TDM      Time-Division Multiplexing
ToS      Type of Service
UDP      User Datagram Protocol
uRPF     unicast Reverse-Path Forwarding
VoIP     Voice over IP
VRRP     Virtual Router Redundancy Protocol
WRR      Weighted Round-Robin

Siemens AG 2005
Communications
Hofmannstr. 51
D-81359 Munich, Germany

This whitepaper contains general descriptions and performance characteristics, which in case of actual use will not always apply as described herein, or which may change as a result of further development of the products. An obligation to provide the characteristics as described in this whitepaper shall only exist if expressly agreed to in the terms of contract. Availability and technical specifications are subject to change without notice.

Printed in Germany. Edition: 2.2 February 2005